Beware of the Fake LastPass iPhone App Scam: Important Information to Stay Safe

Even though you might have obtained them from an authorized app store, counterfeit applications can result in all kinds of issues, from deceptive charges to malware being installed on your smartphone. But what if the phony app in question is imitating one of the top password managers?

In a post on its website, LastPass is cautioning users that a bogus application is mimicking the well-liked password manager on the Apple App Store. The application in question attempts to replicate LastPass’ authorized app down to a T by using the company’s branding and mirroring its user interface.

However, if you take a close look, you’ll observe that the counterfeit application is labeled “LassPass” and not “LastPass”. Regrettably, because of the way our brains are wired to read, unwary LastPass users may have inadvertently downloaded this imitation application. Its name plays on typoglycemia, the phenomenon where we still read a word correctly when its first and last letters are right even though the letters in between are wrong.

Thankfully, this fake “LassPass” app has now been taken down from the App Store, but if you did download it and attempted to sign into your account, you could be in trouble. Here’s everything you need to know, along with some steps on how to avoid falling for counterfeit applications in the first place.

The worst kind of bogus application

Other bogus applications can’t do nearly the amount of damage that one mimicking a password manager can. This is because a password manager is used to store all of your credentials across a wide variety of sites and online services.

At the moment though, we don’t know whether or not this fake “LassPass” app — created by Parvati Patel with a privacy policy hosted at blunee[.]com — was able to steal the login credentials or primary passwords of LastPass users. If it was though, this could have serious implications for any LastPass user that accidentally downloaded it.

With your primary password in hand, the creators of the application could access your LastPass password vault and from there, gain access to all of the credentials you’ve stored within it. From here, they could lock you out of your social media accounts and worse, drain your bank accounts.

If you did happen to download this counterfeit LastPass application, then you’re going to need to change all of your passwords ASAP. If you still have access to the password manager, you’re in luck, as it includes the ability to automatically change many of your passwords. If you don’t, though, you’re going to have to do this manually, which can be a tedious and time-consuming process. Still, it beats losing access to all of your online accounts.

How to spot counterfeit applications on the App Store

Despite Apple and Google’s best efforts, bogus applications impersonating popular brands do manage to slip through the cracks from time to time. This is why, even if you’re looking for new applications on an authorized app store, you still need to be able to spot a fake.

In this case, a simple examination of the application’s name would have worked since LastPass was spelled incorrectly. However, sometimes hackers, cybercriminals and scammers use foreign alphabets to make their counterfeit applications — and websites — appear more legitimate. When this happens, you want to scroll all the way down on an application’s listing page and look for developer info on the Google Play Store or the seller info on the App Store.

The actual LastPass application is developed and distributed by LogMeIn, Inc., while the counterfeit one had Parvati Patel listed as its creator. This is a major red flag and a sign that you should avoid an application entirely. Normally, applications have the name of the company that developed them listed on the app store, which is why the name of an individual developer sticks out like a sore thumb.

If you’re concerned about bogus apps on any official app store, you can always go to a company’s official website and then head to their app store listing from there. Just be cautious on Google Search though as scammers like to impersonate big brands by buying ads on the search engine. For this reason, you should always scroll down past the sponsored results until you find the real ones. Most businesses have a direct link to their applications on their sites and if you’re concerned you might not be able to spot a fake, this is the best course of action to take when installing new applications.

Another thing you want to look out for is ratings. While the actual LastPass application has over 52 thousand ratings, the bogus LassPass application had only one five-star rating. At the same time, you also want to check any user reviews, as people are quick to point out when they’ve been scammed by a counterfeit or malicious application.
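The name, seller and ratings checks described above can also be run automatically, for example by a team monitoring app stores for lookalikes of its own brand. This is an added example, not code from LastPass or from the original article; the listing fields, the sample listings and the `min_ratings` threshold are assumptions.

```python
import unicodedata

# Name and seller of the genuine app as given in the article.
TRUSTED = {"name": "LastPass", "seller": "LogMeIn, Inc"}

# Constructed sample listings (the third uses a Cyrillic "a", U+0430).
SAMPLES = [
    {"name": "LastPass", "seller": "LogMeIn, Inc", "ratings": 52000},
    {"name": "LassPass", "seller": "Parvati Patel", "ratings": 1},
    {"name": "L\u0430stPass", "seller": "Example Dev", "ratings": 3},
]

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scripts(text):
    """Alphabets used in text, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def review_listing(listing, trusted=TRUSTED, min_ratings=100):
    """Return the red flags for one listing; min_ratings is an assumed threshold."""
    flags = []
    brand = trusted["name"].casefold()
    words = listing["name"].casefold().split() or [""]
    dist = min(edit_distance(w, brand) for w in words)
    if dist > 2:
        return flags  # name is not close to the brand, nothing to compare
    if len(scripts(listing["name"])) > 1:
        flags.append("name mixes alphabets")
    if dist > 0:
        flags.append(f"name is {dist} edit(s) away from the brand")
    if listing["seller"].casefold() != trusted["seller"].casefold():
        flags.append("seller is not the brand's publisher")
    if listing["ratings"] < min_ratings:
        flags.append("very few ratings for a well-known brand")
    return flags

if __name__ == "__main__":
    for item in SAMPLES:
        print(item["name"], "->", review_listing(item) or "no red flags")
```

A name that matches the brand exactly but comes from a different seller is still flagged, which covers copies that do not rely on a misspelling.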

The counterfeit LastPass application has now been removed from the App Store, but Tom’s Guide has reached out to Apple to learn more about how this happened in the first place. We’ll update this story if and when we hear back from the iPhone maker.
